Summary of the invention
The main purpose of the present invention is to provide a digital identity authentication method, device, system and computer-readable storage medium, intended to solve the technical problem of low processing efficiency of digital identity authentication in the prior art.
To achieve the above object, the digital identity authentication method provided by the invention is applied to a blockchain platform. The blockchain platform stores in advance the digital identity information ciphertext of a registered user, which the approval terminal generates by encrypting the personal information of the registered user. The digital identity authentication method includes:
In response to a digital identity information acquisition request sent by a user terminal, sending the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext;
In response to a digital identity information acquisition request sent by a verification terminal, sending the digital identity information ciphertext of the target user to the verification terminal, so that the verification terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
Optionally, after a user registers, the blockchain platform generates an encryption public key and a user private key for the registered user, so that the approval terminal encrypts the personal information of the registered user with the encryption public key obtained by query to generate the digital identity information ciphertext, and the user terminal decrypts with the user private key sent by the blockchain platform to produce the digital identity information plaintext.
Optionally, the digital identity information ciphertext includes a first encryption message and a second encryption message; the first encryption message includes a first ciphertext and the second encryption message includes a second ciphertext.
The approval terminal encrypting the personal information of the registered user with the encryption public key obtained by query to generate the digital identity information ciphertext includes:
Querying the blockchain platform to obtain the encryption public key;
Generating a random key;
Encrypting the personal information with the random key to generate the first ciphertext;
Encrypting the random key with the encryption public key to generate the second ciphertext.
Optionally, encrypting the personal information with the random key to generate the first ciphertext includes:
Generating a random salt value;
Encrypting the hashed value, which consists of the personal information and the random salt value, to generate the first ciphertext.
Optionally, the first encryption message further includes a third ciphertext, generated by the approval terminal by applying a hash algorithm to the hashed value.
Optionally, the first encryption message further includes a first signature value, generated by the approval terminal signing the first ciphertext and the third ciphertext with the approval terminal key; the second encryption message further includes a second signature value, generated by the approval terminal signing the second ciphertext with the approval terminal key.
Optionally, the user terminal decrypting with the user private key sent by the blockchain platform to produce the digital identity information plaintext includes:
The user terminal decrypts the second ciphertext in the digital identity information ciphertext with the user private key to recover the random key, and decrypts the first ciphertext in the digital identity information ciphertext with the random key to recover the hashed value;
The verification terminal judging whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal includes:
The verification terminal applies the hash algorithm to the hashed value submitted by the user terminal to generate a third verification ciphertext, and judges whether the third verification ciphertext is consistent with the third ciphertext in the digital identity information ciphertext; if not, it determines that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
Optionally, after judging whether the third verification ciphertext is consistent with the third ciphertext in the digital identity information ciphertext, the method further includes:
If so, the verification terminal uses the verification terminal public key to sign the first ciphertext and the third ciphertext in the digital identity information ciphertext, generating a first signature verification value;
Judging whether the first signature verification value is consistent with the first signature value in the digital identity information ciphertext;
If so, determining that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal;
If not, determining that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
To achieve the above object, the invention further provides a digital identity authentication device, including a memory, a processor and a bus. The memory stores a digital identity authentication program that can run on the processor, and the program, when executed by the processor, implements any of the digital identity authentication methods described above.
To achieve the above object, the invention further provides a digital identity authentication apparatus, applied to a blockchain platform and comprising:
A storage module, for storing in advance the digital identity information ciphertext of a registered user, which the approval terminal generates by encrypting the personal information of the registered user;
A first processing module, for sending, in response to a digital identity information acquisition request sent by a user terminal, the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext;
A second processing module, for sending, in response to a digital identity information acquisition request sent by a verification terminal, the digital identity information ciphertext of the target user to the verification terminal, so that the verification terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
Optionally, the digital identity authentication apparatus further includes:
A generation module, for generating the encryption public key and the user private key of the registered user after user registration;
A sending module, for sending the user private key to the user terminal, so that the user terminal decrypts with the user private key to produce the digital identity information plaintext;
The storage module is further used to store the encryption public key, so that the approval terminal encrypts the personal information of the registered user with the encryption public key obtained by query to generate the digital identity information ciphertext.
Optionally, the digital identity information ciphertext includes a first encryption message and a second encryption message; the first encryption message includes a first ciphertext and the second encryption message includes a second ciphertext. The first ciphertext is generated by the approval terminal encrypting the personal information with a generated random key; the second ciphertext is generated by the approval terminal encrypting the random key with the encryption public key.
Optionally, the first ciphertext is specifically generated by the approval terminal encrypting, with the random key, the hashed value consisting of the personal information and a generated random salt value.
Optionally, the first encryption message further includes a third ciphertext, generated by the approval terminal by applying a hash algorithm to the hashed value.
Optionally, the first encryption message further includes a first signature value, generated by the approval terminal signing the first ciphertext and the third ciphertext with the approval terminal key; the second encryption message further includes a second signature value, generated by the approval terminal signing the second ciphertext with the approval terminal key.
The present invention also provides another digital identity authentication method, applied to a verification terminal and comprising:
Receiving a digital identity verification request and a digital identity information plaintext sent by a user terminal; the digital identity information plaintext is produced by the user terminal decrypting the digital identity information ciphertext of the target user obtained by querying the blockchain platform, and the blockchain platform stores the digital identity information ciphertext of each registered user generated by the approval terminal;
Sending a digital identity information acquisition request to the blockchain platform;
Receiving the digital identity information ciphertext of the target user sent by the blockchain platform;
Judging whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
The present invention also provides another digital identity authentication apparatus, applied to a verification terminal and comprising:
A first receiving module, for receiving a digital identity verification request and a digital identity information plaintext sent by a user terminal; the digital identity information plaintext is produced by the user terminal decrypting the digital identity information ciphertext of the target user obtained by querying the blockchain platform, and the blockchain platform stores the digital identity information ciphertext of each registered user generated by the approval terminal;
A request module, for sending a digital identity information acquisition request to the blockchain platform;
A second receiving module, for receiving the digital identity information ciphertext of the target user sent by the blockchain platform;
A judgment module, for judging whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
Optionally, the digital identity information plaintext submitted by the user terminal includes the hashed value that the user terminal produces by decrypting the second ciphertext in the digital identity information ciphertext with the user private key to recover the random key, and then decrypting the first ciphertext in the digital identity information ciphertext with the random key;
The judgment module includes:
A hash calculation unit, for applying the hash algorithm to the hashed value submitted by the user terminal to generate a third verification ciphertext;
A hash judging unit, for judging whether the third verification ciphertext is consistent with the third ciphertext in the digital identity information ciphertext; if not, determining that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
Optionally, the judgment module further includes:
A signature unit, for, after it is determined that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal, using the verification terminal public key to sign the first ciphertext and the third ciphertext in the digital identity information ciphertext, generating a first signature verification value;
A signature judging unit, for judging whether the first signature verification value is consistent with the first signature value in the digital identity information ciphertext; if so, determining that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal; if not, determining that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
To achieve the above object, the invention further provides a digital identity authentication system, including a blockchain platform and an approval terminal and a verification terminal connected to the blockchain platform. The approval terminal is used to encrypt the personal information of a registered user to generate a digital identity information ciphertext and send it to the blockchain platform for storage; the blockchain platform is used to send, in response to a digital identity acquisition request sent by a user terminal, the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext; the verification terminal is used to judge, in response to a digital identity authentication request sent by the user terminal, whether the digital identity information ciphertext obtained by querying the blockchain platform matches the digital identity information plaintext submitted by the user terminal.
To achieve the above object, the invention further provides a computer-readable storage medium on which a digital identity authentication program is stored; the digital identity authentication program can be executed by one or more processors to implement any of the digital identity authentication methods described above.
To achieve the above object, the invention further provides a computer program product including computer instructions which, when run on a computer, cause the computer to execute any of the digital identity authentication methods described above.
In the present invention, the blockchain platform stores in advance the digital identity information ciphertext of registered users, which the approval terminal generates by encrypting the personal information of each registered user; in response to a digital identity information acquisition request sent by a user terminal, the blockchain platform sends the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts it to obtain the digital identity information plaintext; in response to a digital identity information acquisition request sent by a verification terminal, the blockchain platform sends the digital identity information ciphertext of the target user to the verification terminal, so that the verification terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal. It can be seen that the present invention uses a highly available blockchain platform for the storage and management of digital identity information, can provide round-the-clock uninterrupted service and responds promptly to the query requests of user terminals and verification terminals, so that the verifying party's verification of the user's digital identity proceeds smoothly and is no longer limited by the service hours of the approval party. This effectively improves the processing efficiency of digital identity authentication, reduces the demands on users' time and improves the user experience.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and not to limit it. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, claims and drawings of this application are used to distinguish similar objects and not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device containing a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to that process, method, product or device.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments can be combined with each other, provided that the combination can be realised by those of ordinary skill in the art; when a combination of technical solutions is contradictory or cannot be realised, the combination shall be deemed not to exist and not to fall within the protection scope claimed by the present invention.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the application scenario of the digital identity authentication method of the present invention.
As shown in Figure 1, the approval terminal belongs to the approval party of the digital identity and is used to issue digital identities to users who pass the audit; the verification terminal belongs to the verifying party and is used to perform digital identity authentication of users; the blockchain platform is a data centre that uses blockchain technology for data storage and management, stores the digital identity information of users issued by the approval terminal, and provides query services to user terminals and verification terminals.
The digital identity authentication method provided by the invention is applied to a blockchain platform that stores in advance the digital identity information ciphertext of registered users, which the approval terminal generates by encrypting the personal information of each registered user. Referring to Fig. 2, Fig. 2 is a flow diagram of the digital identity authentication method in one embodiment of the invention. In one embodiment, the method includes:
S21: In response to a digital identity information acquisition request sent by a user terminal, sending the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext.
S22: In response to a digital identity information acquisition request sent by a verification terminal, sending the digital identity information ciphertext of the target user to the verification terminal, so that the verification terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
Specifically, unlike the prior art, in the digital identity authentication method provided by this embodiment the digital identity information issued by the approval terminal to a user is stored on the blockchain platform rather than in the data centre of the approval party. The blockchain platform provided herein acts as a data storage centre independent of the approval party, the verifying party and the user, uses blockchain technology to securely store, operate and manage the digital identity information of users, can provide a safe, convenient and timely information query service, and serves as the intermediary and communication bridge in the digital identity authentication process.
Blockchain is the underlying technical framework of Bitcoin and is essentially a decentralised distributed ledger. As a continuously growing chain data structure of blocks arranged in sequence, blockchain technology relies on multiple nodes in the network jointly participating in the calculation and recording of data and mutually verifying the validity of the information. Placing data on a blockchain platform can unlock more data and allow data to truly "circulate".
In this embodiment, a user first registers on the blockchain platform and applies to the approval party for a digital identity. The approval party audits the personal information submitted by the user (such as name, date of birth, household registration, photograph and so on); after the audit passes and issuance of the digital identity is agreed, the approval terminal encrypts the user's personal information to generate the digital identity information ciphertext and sends it to the blockchain platform for storage. It is easily understood that the blockchain platform can generate a user ID when the user registers, so that the digital identity information ciphertext of each registered user is stored and managed separately according to the user ID. Of course, for the purpose of strengthening security, users may be required to register under their real names.
When the user performs digital identity authentication using the blockchain platform, the blockchain platform, after receiving a digital identity information acquisition request from the user terminal (carrying the user ID of the target user), can send the digital identity information ciphertext of the requested target user to the user terminal, so that the user terminal obtains the corresponding digital identity information plaintext of the target user by decryption, forwards the plaintext to the verification terminal, and requests digital identity authentication from the verification terminal.
After receiving the digital identity authentication request sent by the user terminal, the verification terminal can likewise send a digital identity information acquisition request for the target user to the blockchain platform, to obtain the digital identity information ciphertext of the target user stored on the blockchain platform. The verification terminal can then authenticate the digital identity of the target user by judging whether this digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
In this embodiment, the blockchain platform stores in advance the digital identity information ciphertext of registered users, which the approval terminal generates by encrypting the personal information of each registered user; in response to a digital identity information acquisition request sent by a user terminal, the blockchain platform sends the digital identity information ciphertext of the target user to the user terminal, so that the user terminal decrypts it to obtain the digital identity information plaintext; in response to a digital identity information acquisition request sent by a verification terminal, the blockchain platform sends the digital identity information ciphertext of the target user to the verification terminal, so that the verification terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
It can be seen that this embodiment uses a highly available blockchain platform for the storage and management of digital identity information, can provide round-the-clock uninterrupted service and responds promptly to the query requests of user terminals and verification terminals, so that the verifying party's verification of the user's digital identity proceeds smoothly and is no longer limited by the service hours of the approval party. This effectively improves the processing efficiency of digital identity authentication, reduces the demands on users' time and improves the user experience.
In addition, on the basis of the above beneficial effects, the digital identity authentication method of this embodiment has a further advantage. Since the approval party that handles digital identity issuance in the prior art generally lacks professional technology or equipment for secure data storage, the data centre operated by the approval party faces a considerable risk of security breaches. The blockchain platform used in this embodiment, by contrast, not only ensures that the data are authentic, secure and credible, but also allows rapid recovery after the data are damaged, using disaster recovery of the database application platform with blockchain technology as middleware, thereby effectively protecting the storage security of the digital identity information.
On the basis of the above, in a preferred embodiment of the digital identity authentication method provided herein, the blockchain platform generates an encryption public key and a user private key for the registered user after user registration, so that the approval terminal encrypts the personal information of the registered user with the encryption public key obtained by query to generate the digital identity information ciphertext, and the user terminal decrypts with the user private key sent by the blockchain platform to produce the digital identity information plaintext.
In this embodiment, the digital identity information ciphertext of the user is specifically produced by key-based encryption. When a user registers on the blockchain platform, the platform generates a key pair for each registered user, consisting of an encryption public key and a user private key. The user private key is sent to the user terminal and stored and managed by the user; the encryption public key can be stored in a public-key smart contract, so that after the approval terminal has passed the user's digital identity application it obtains the encryption public key by querying the public-key smart contract and uses it to encrypt and generate the user's digital identity information ciphertext. It is easily understood that the encryption public key and the user private key of each registered user form a matching pair, so the user private key can decrypt the digital identity information ciphertext generated by encryption with the encryption public key.
On the basis of the above, in a preferred embodiment of the digital identity authentication method provided herein, the digital identity information ciphertext includes a first encryption message and a second encryption message; the first encryption message includes a first ciphertext and the second encryption message includes a second ciphertext.
Referring to Fig. 3, Fig. 3 is a refined flow diagram of the process by which the approval terminal encrypts the personal information of the registered user with the encryption public key obtained by query to generate the digital identity information ciphertext:
S31: Query the blockchain platform to obtain the encryption public key pk.
S32: Generate a random key s.
S33: Encrypt the personal information with the random key s to generate the first ciphertext.
S34: Encrypt the random key s with the encryption public key pk to generate the second ciphertext.
In this embodiment, the approval terminal specifically uses the encryption public key pk obtained from the blockchain platform and a randomly generated random key s to produce two ciphertexts, achieving double encryption. Specifically, the user's personal information is encrypted with the random key s to generate the first ciphertext, and, to protect the random key s, the random key is encrypted with the encryption public key pk to generate the second ciphertext; the first encryption message containing the first ciphertext and the second encryption message containing the second ciphertext are then sent to the blockchain platform for storage. This further increases the security and reliability of digital identity authentication and ensures that the user's personal authentication information is not stolen or leaked.
On the basis of the above, preferably, encrypting the personal information with the random key to generate the first ciphertext in S33 includes: generating a random salt value; and encrypting the hashed value, which consists of the personal information plaintext and the random salt value, to generate the first ciphertext.
Specifically, to further increase the security and confidentiality of the encrypted digital identity information, the approval terminal also combines a random salt value into the encryption. Denoting by plaintext||salt the hashed value consisting of the personal information plaintext and the random salt value, the first ciphertext is Es(plaintext||salt) and the second ciphertext is Epk(s).
On the basis of the above, preferably, the first encryption message further includes a third ciphertext, generated by the approval terminal by applying a hash algorithm to the hashed value.
In the present embodiment, in order to improve the complexity of encryption data to improve safety, terminal is examined also using Kazakhstan
Uncommon algorithm for encryption generates third ciphertext H (plaintext | | salt).
On the basis of the above, it is preferable that the first encryption message further includes a first signature value Signature1, generated by the approval terminal signing the first ciphertext and the third ciphertext with the approval terminal key; and that the second encryption message further includes a second signature value Signature2, generated by the approval terminal signing the second ciphertext with the approval terminal key.
In the present embodiment, the approval terminal can additionally protect the target user's digital identity information by means of a signature, further improving the safety and confidentiality of the data. Denoting the first encryption message by Msg1 and the second encryption message by Msg2:
Msg1 = Es(plaintext||salt) + H(plaintext||salt) + Signature1;
Msg2 = Epk(s) + Signature2.
Referring to Fig. 4, with the above Msg1 and Msg2 used as the digital identity information ciphertext, Fig. 4 is a detailed flow diagram of the process in which the user terminal decrypts with the user private key sent by the blockchain platform to generate the digital identity information plaintext:
S41: decrypt the second ciphertext Epk(s) in the digital identity information ciphertext with the user private key to obtain the random key s.
S42: decrypt the first ciphertext Es(plaintext||salt) in the digital identity information ciphertext with the random key s to obtain the hashed value plaintext||salt.
It is easily understood that decryption is the inverse of encryption: the user terminal first decrypts with the user private key to obtain the random key s, then uses the random key s to decrypt the hashed value plaintext||salt composed of the target user's personal information and the random salt value, which is the digital identity information plaintext.
Referring to Fig. 5, Fig. 5 is a detailed flow diagram, in one embodiment, of the process by which the verifying terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal:
S51: apply the hash algorithm to the hashed value submitted by the user terminal to generate a third verifying ciphertext.
S52: judge whether the third verifying ciphertext is consistent with the third ciphertext in the digital identity information ciphertext; if not, proceed to S53.
S53: determine that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
Specifically, when the verifying terminal compares the target user's digital identity information ciphertext stored on the blockchain platform with the digital identity information plaintext submitted by the user terminal (that is, the hashed value plaintext||salt), it can first apply the same hash algorithm to the hashed value plaintext||salt to generate the third verifying ciphertext; if the third verifying ciphertext is inconsistent with the third ciphertext in the digital identity information ciphertext, it can determine that digital identity authentication has failed.
Referring to Fig. 6, Fig. 6 is a detailed flow diagram, in another embodiment of the present invention, of the process by which the verifying terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal:
S61: apply the hash algorithm to the hashed value submitted by the user terminal to generate a third verifying ciphertext.
S62: judge whether the third verifying ciphertext is consistent with the third ciphertext in the digital identity information ciphertext; if not, proceed to S63; if so, proceed to S64.
S63: determine that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
S64: the verifying terminal uses the public key to perform the signature operation on the first ciphertext and the third ciphertext in the digital identity information ciphertext, generating a first signature verification value; proceed to S65.
S65: judge whether the first signature verification value is consistent with the first signature value in the digital identity information ciphertext; if so, proceed to S66; if not, proceed to S63.
S66: determine that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
In the present embodiment, the verifying terminal performs two-sided verification of the digital identity information plaintext submitted by the user terminal: on top of the hash verification of Fig. 5, it also performs signature verification, further ensuring the reliability of digital identity information authentication. Only when the third verifying ciphertext computed with the hash algorithm is consistent with the third ciphertext and the signature verification passes does it determine that the digital identity information plaintext submitted by the user terminal matches the digital identity information ciphertext on the blockchain platform, and thus that the user's digital identity authentication succeeds.
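The whole flow in working form, as an added example that is not part of this patent: the approval terminal's S31-S34 with salt, third ciphertext and signatures (Msg1 and Msg2 as defined above), the user terminal's decryption S41-S42, and the verifying terminal's check S61-S66. It assumes AES-256-GCM for Es, RSA-OAEP for Epk, SHA-256 for H and Ed25519 for the approval terminal key (the text names no algorithms), models the first signature verification value as verification of Signature1 over the first and third ciphertext with the public key matching the approval terminal key, and adds a check of Signature2 on the user terminal that the text does not spell out; the personal information string is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Msg1 = Es(plaintext||salt) + H(plaintext||salt) + Signature1; Msg2 = Epk(s) + Signature2.
type Msg1 struct{ C1, C3, Sig1 []byte } // first ciphertext, third ciphertext, first signature value
type Msg2 struct{ C2, Sig2 []byte }     // second ciphertext, second signature value
func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the approval terminal's side (S32-S34 plus salt and signatures); pk is the encryption
// public key queried from the blockchain platform (S31) and signKey is the approval terminal key.
func Encrypt(pk *rsa.PublicKey, signKey ed25519.PrivateKey, personalInfo []byte) (Msg1, Msg2, error) {
	buf := make([]byte, 32+16+12) // random key s (AES-256), random salt value, GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Msg1{}, Msg2{}, err
	}
	s, salt, nonce := buf[:32], buf[32:48], buf[48:] // S32: random key s
	hv := concat(personalInfo, salt)                 // the "hashed value" plaintext||salt
	aead, err := newGCM(s)
	if err != nil {
		return Msg1{}, Msg2{}, err
	}
	c1 := aead.Seal(append([]byte{}, nonce...), nonce, hv, nil)       // S33: Es(plaintext||salt), nonce prefixed
	sum := sha256.Sum256(hv)                                          // third ciphertext H(plaintext||salt)
	c2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, s, nil) // S34: Epk(s)
	if err != nil {
		return Msg1{}, Msg2{}, err
	}
	m1 := Msg1{C1: c1, C3: sum[:], Sig1: ed25519.Sign(signKey, concat(c1, sum[:]))} // Signature1 over C1||C3
	return m1, Msg2{C2: c2, Sig2: ed25519.Sign(signKey, c2)}, nil                  // Signature2 over C2
}

// Decrypt is the user terminal's side (S41-S42) with the user private key sent by the blockchain
// platform; checking Signature2 before decrypting is an added assumption, the text only says Msg2 carries it.
func Decrypt(sk *rsa.PrivateKey, approvalPub ed25519.PublicKey, m1 Msg1, m2 Msg2) ([]byte, error) {
	if !ed25519.Verify(approvalPub, m2.C2, m2.Sig2) {
		return nil, fmt.Errorf("Signature2 does not verify")
	}
	s, err := rsa.DecryptOAEP(sha256.New(), nil, sk, m2.C2, nil) // S41: recover random key s
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(s)
	if err != nil {
		return nil, err
	}
	if ns := aead.NonceSize(); len(m1.C1) >= ns {
		return aead.Open(nil, m1.C1[:ns], m1.C1[ns:], nil) // S42: plaintext||salt, fails if C1 was tampered
	}
	return nil, fmt.Errorf("first ciphertext too short")
}

// Verify is the verifying terminal's side (S61-S66): hash check first, then Signature1 over C1||C3.
func Verify(approvalPub ed25519.PublicKey, m1 Msg1, submitted []byte) bool {
	sum := sha256.Sum256(submitted) // S61: third verifying ciphertext
	if !bytes.Equal(sum[:], m1.C3) { // S62 -> S63: hash mismatch, authentication fails
		return false
	}
	return ed25519.Verify(approvalPub, concat(m1.C1, m1.C3), m1.Sig1) // S64-S66
}

func main() {
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)                // user key pair generated at registration
	approvalPub, approvalKey, _ := ed25519.GenerateKey(rand.Reader) // approval terminal key
	m1, m2, _ := Encrypt(&userKey.PublicKey, approvalKey, []byte("name=Alice;id=sample-001")) // constructed input
	plain, err := Decrypt(userKey, approvalPub, m1, m2)
	fmt.Println("authenticated:", err == nil && Verify(approvalPub, m1, plain)) // true
}
```

Note that the blockchain platform only stores and returns Msg1 and Msg2; it never sees s or the plaintext, and a submission whose hash matches but whose Signature1 fails is still rejected at S65.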
Correspondingly, the present invention also provides a digital identity authentication method applied to the verifying terminal, which, referring to Fig. 7, includes:
S71: receiving the digital identity verification request and the digital identity information plaintext sent by the user terminal; the digital identity information plaintext is generated by the user terminal decrypting the target user's digital identity information ciphertext obtained by querying the blockchain platform, and the blockchain platform stores the digital identity information ciphertext generated by the approval terminal for each registered user.
S72: sending a digital identity information acquisition request to the blockchain platform.
S73: receiving the target user's digital identity information ciphertext sent by the blockchain platform.
S74: judging whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
For the specific content, reference may be made to the digital identity authentication method applied to the blockchain platform described above; similar content is not repeated here.
Further, referring to Fig. 8, the present invention also provides a digital identity authentication device 8. The digital identity authentication device 8 may include a memory 81, a processor 82 and a bus 83; a digital identity authentication program that can run on the processor 82 is stored in the memory 81, and when the digital identity authentication program is executed by the processor 82 it implements any of the digital identity authentication methods described above.
In the present embodiment, the digital identity authentication device 8 may be a personal computer (PC), a smart phone, a tablet computer, a palmtop computer, a portable computer or a network storage terminal device. The digital identity authentication device 8 may be a node of a CDN network or of a blockchain network.
The memory 81 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (for example SD or DX memory), a magnetic memory, a magnetic disk, an optical disc, and the like. In some embodiments the memory 81 may be an internal storage unit of the digital identity authentication device 8, such as its hard disk. In other embodiments the memory 81 may also be an external storage device of the digital identity authentication device 8, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the digital identity authentication device 8. Further, the memory 81 may include both an internal storage unit and an external storage device of the digital identity authentication device 8. The memory 81 may be used not only to store application software installed on the digital identity authentication device 8 and various kinds of data, such as the code of the digital identity authentication program, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 82 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the memory 81 or to process data, for example to execute the digital identity authentication program.
The bus 83 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one thick line is shown in Fig. 8, but this does not mean that there is only one bus or only one type of bus.
Further, the digital identity authentication device 8 may also include a network interface 14, which may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface or a Bluetooth interface), typically used to establish a communication connection between the digital identity authentication device 8 and other electronic devices.
Optionally, the digital identity authentication device 8 may also include a user interface. The user interface may include a display and an input unit such as a keyboard, and optionally may also include a standard wired interface and a wireless interface. Optionally, in some embodiments the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also, where appropriate, be called a display screen or display unit, and is used to display information processed in the digital identity authentication device 8 and to show a visual user interface.
Fig. 8 shows only the digital identity authentication device 8 with the components 81-83 and the digital identity authentication program. Those skilled in the art will understand that the structure shown in Fig. 8 does not limit the digital identity authentication device 8, which may include fewer or more components than shown, a combination of certain components, or a different arrangement of components.
Further, the present invention also provides a digital identity authentication apparatus applied to the blockchain platform. Referring to Fig. 9, which is a schematic diagram of the internal structure of the digital identity authentication apparatus disclosed in one embodiment of the application, the apparatus includes:
a memory module 91, for storing in advance the digital identity information ciphertext of a registered user, the digital identity information ciphertext being generated by the approval terminal encrypting the personal information of the registered user;
a first processing module 92, for sending the target user's digital identity information ciphertext to the user terminal in response to a digital identity information acquisition request sent by the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext;
a second processing module 93, for sending the target user's digital identity information ciphertext to the verifying terminal in response to a digital identity information acquisition request sent by the verifying terminal, so that the verifying terminal judges whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
It can be seen that the present embodiment uses the highly available blockchain platform for the storage and management of digital identity information. The platform can provide round-the-clock persistent service and respond promptly to query requests from the user terminal and the verifying terminal, so that verification of the user's digital identity is no longer limited by the service hours of the approving party and proceeds smoothly. This effectively improves the processing efficiency of digital identity authentication, reduces the demand on the user's time, and improves the user experience.
On the basis of the above, it is preferable that the digital identity authentication apparatus further includes:
a generation module, for generating the encryption public key and the user private key of the registered user after user registration;
a sending module, for sending the user private key to the user terminal, so that the user terminal decrypts with the user private key to generate the digital identity information plaintext;
the memory module is further used to store the encryption public key, so that the approval terminal can obtain the encryption public key by query and use it to encrypt the personal information of the registered user to generate the digital identity information ciphertext.
On the basis of the above, it is preferable that the digital identity information ciphertext includes a first encryption message and a second encryption message; the first encryption message includes a first ciphertext and the second encryption message includes a second ciphertext; the first ciphertext is generated by the approval terminal encrypting the personal information with a generated random key; and the second ciphertext is generated by the approval terminal encrypting the random key with the encryption public key.
On the basis of the above, it is preferable that the first ciphertext is specifically generated by the approval terminal using the random key to encrypt the hashed value composed of the personal information and a generated random salt value.
On the basis of the above, it is preferable that the first encryption message further includes a third ciphertext generated by the approval terminal applying a hash algorithm to the hashed value.
On the basis of the above, it is preferable that the first encryption message further includes a first signature value generated by the approval terminal signing the first ciphertext and the third ciphertext with the approval terminal key; and that the second encryption message further includes a second signature value generated by the approval terminal signing the second ciphertext with the approval terminal key.
Further, the present invention also provides another digital identity authentication apparatus, applied to the blockchain platform. Referring to Fig. 10, which is a schematic diagram of the internal structure of the digital identity authentication apparatus disclosed in another embodiment of the application, the apparatus includes:
a first receiving module 101, for receiving the digital identity verification request and the digital identity information plaintext sent by the user terminal; the digital identity information plaintext is generated by the user terminal decrypting the target user's digital identity information ciphertext obtained by querying the blockchain platform, and the blockchain platform stores the digital identity information ciphertext generated by the approval terminal for each registered user;
a request module 102, for sending a digital identity information acquisition request to the blockchain platform;
a second receiving module 103, for receiving the target user's digital identity information ciphertext sent by the blockchain platform;
a judgment module 104, for judging whether the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal.
Optionally, the digital identity information plaintext submitted by the user terminal includes:
the hashed value generated by the user terminal decrypting the first ciphertext in the digital identity information ciphertext with the random key, after the user terminal has decrypted the second ciphertext in the digital identity information ciphertext with the user private key to generate the random key;
and the judgment module 104 includes:
a hash calculation unit, for applying the hash algorithm to the hashed value submitted by the user terminal to generate a third verifying ciphertext;
a hash judging unit, for judging whether the third verifying ciphertext is consistent with the third ciphertext in the digital identity information ciphertext, and if not, determining that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
Optionally, the judgment module 104 further includes:
a signature unit, for, after it has been determined that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal, using the public key at the verifying terminal to perform the signature operation on the first ciphertext and the third ciphertext in the digital identity information ciphertext to generate a first signature verification value;
a signature judging unit, for judging whether the first signature verification value is consistent with the first signature value in the digital identity information ciphertext; if so, determining that the digital identity information ciphertext matches the digital identity information plaintext submitted by the user terminal, and if not, determining that the digital identity information ciphertext does not match the digital identity information plaintext submitted by the user terminal.
Further, the present invention also provides a digital identity authentication system, including a blockchain platform and an approval terminal and a verifying terminal connected to the blockchain platform. The approval terminal is used to encrypt the personal information of a registered user to generate the digital identity information ciphertext and send it to the blockchain platform for storage; the blockchain platform is used to send the target user's digital identity information ciphertext to the user terminal in response to a digital identity acquisition request sent by the user terminal, so that the user terminal decrypts the digital identity information ciphertext to obtain the digital identity information plaintext; and the verifying terminal is used, in response to a digital identity authentication request sent by the user terminal, to judge whether the digital identity information ciphertext obtained by querying the blockchain platform matches the digital identity information plaintext submitted by the user terminal.
Further, the present invention also provides a computer readable storage medium on which a digital identity authentication program is stored; the digital identity authentication program can be executed by one or more processors to implement any of the digital identity authentication methods described above.
Further, the present invention also provides a computer program product including computer instructions which, when run on a computer, cause the computer to execute any of the digital identity authentication methods described above.
The above embodiments may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced wholly or partly. The computer may be a general purpose computer, a special purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (for example infrared, radio, microwave) means. The computer readable storage medium may be any usable medium accessible to a computer, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example a floppy disk, hard disk or tape), an optical medium (for example a DVD), or a semiconductor medium (for example a solid state disk (SSD)).
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the digital identity authentication device, system and computer readable storage medium described above may be referred to the corresponding processes in the preceding method embodiments, and are not described again here.
In the several embodiments provided herein, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the system embodiment described above is merely illustrative; the division into units is only one logical functional division, and there may be other divisions in actual implementation: for example, several units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the application in essence, or the part that contributes to the existing technology, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the application. The aforementioned storage medium includes a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
It should be noted that the serial numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments. The terms "include", "comprise" and any variants thereof herein are intended to cover a non-exclusive inclusion, so that a process, device, article or method including a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes that element.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the content of the specification and accompanying drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.